Advanced Attacks Require New Approaches Beyond Traditional Firewalls and Signature-Based Prevention Mechanisms
BOSTON, July 20, 2017 /PRNewswire/ — CyberX, provider of the most widely-deployed industrial cybersecurity platform for continuously reducing ICS risk, today announced that with its launch today of Attack Vector Prediction technology (see related release), it is now addressing all four requirements of Gartner’s Adaptive Security Architecture — including Prediction, Prevention, Detection, and Response.
“Customers are looking to reduce complexity by deploying a holistic ICS security platform, rather than multiple point solutions,” said Nir Giller, CTO/CISO and co-founder of CyberX. “Our focus will continue to be on delivering innovation that provides our customers with continuous visibility and proactive defense capabilities across all four critical domains of the Adaptive Security Architecture.”
In their seminal report published in 2014 and refreshed in 2016, Gartner analysts Neil MacDonald and Peter Firstbrook wrote that “Advanced targeted attacks are easily bypassing traditional firewalls and signature-based prevention mechanisms. All organizations should now assume that they are in a state of continuous compromise.” They added that “Enterprises are overly dependent on blocking and prevention mechanisms that are decreasingly effective against advanced attacks. Comprehensive protection requires an adaptive protection process integrating predictive, preventive, detective and response capabilities.” [1]
How CyberX Addresses Adaptive Security
As organizations shift from a mindset of “incident response” to one of “continuous response,” they require continuous monitoring enabling them to continuously adapt their security posture. CyberX’s industrial cybersecurity platform addresses all four stages of Gartner’s Adaptive Security Architecture, which work together as an integrated system to provide superior protection for advanced ICS threats:
- DETECT: CyberX provides continuous ICS threat monitoring and anomaly detection to immediately alert on suspicious or unauthorized behavior, such as port scanning during cyber-reconnaissance; unusual device commands and errors; and unauthorized changes to PLC ladder logic and firmware. CyberX’s Detect capability leverages CyberX’s deep understanding of industrial protocols, combined with ICS-specific behavioral analytics and machine learning algorithms specifically designed for machine-to-machine (M2M) communications. CyberX’s M2M analytics are enriched with contextual information from the company’s proprietary ICS-specific threat intelligence research, which is curated by ex-military cyber defenders with field experience defending critical national infrastructure.
- RESPOND: The CyberX platform provides deep forensic, investigation and threat hunting capabilities, with advanced data mining tools and immediate access to full-fidelity PCAP files for drill-down analysis. IR teams can easily search through historical traffic based on custom search parameters, including ICS-specific queries such as function codes unique to each industrial protocol. CyberX supports all SIEMs and provides a REST API for easy integration with existing SOC workflows and elimination of data silos.
- PREDICT: CyberX’s Predict capability is provided by its new ICS Attack Vector Prediction technology. An industry first, it incorporates advanced analytics to continuously predict the most likely paths of targeted ICS attacks on an organization’s most critical Operational Technology (OT) assets. Security teams can quickly simulate what-if mitigation actions to adjust their security posture and reduce their attack surface, such as “If I isolate or patch this insecure device, does it eliminate the risk to my most critical assets?” This innovative approach enables OT security teams to proactively mitigate risk and prioritize mitigation activities — enabling more effective use of limited skilled resources and narrow maintenance windows. In addition, visualization of potential breach paths helps business management and OT stakeholders more easily understand the business impact of top risks to their most valuable assets.
- PREVENT: CyberX’s agentless asset discovery and automated, non-invasive vulnerability assessments enable organizations to harden vulnerable systems, identify rogue devices, pinpoint weak zoning rules, and prevent attacks. In addition, CyberX integrates with industry-standard firewalls such as Check Point and unidirectional gateways such as Waterfall to automatically block malicious traffic or isolate malware-infected hosts. CyberX also provides a full REST API for integration with other prevention solutions.
CyberX will be demonstrating its continuous ICS threat monitoring and risk assessment platform — along with its new Attack Vector Prediction technology — at Black Hat 2017 in Las Vegas, July 26-27 (booth #58 in the Innovation City, on the 2nd floor near the Arsenal tool demo area).
Join us on Wednesday, July 26 at 3pm PT for a book signing and book giveaway with Clint Bodungen, the lead author of “ICS Hacking Exposed,” the definitive 390-page guide published by McGraw-Hill Education (while supplies last).
[1] Gartner, “Designing an Adaptive Security Architecture for Protection From Advanced Attacks,” by Neil MacDonald and Peter Firstbrook, February 2014, refreshed 28 January 2016.
CyberX Industry Recognition:
Gartner, Cool Vendors in Security for Technology and Service Providers, 2015, April 2015 – A Cool Vendor
About CyberX (Twitter: @CyberX_Labs)
CyberX provides the most widely-deployed industrial cybersecurity platform for continuously reducing ICS risk. Deployed in the world’s largest environments and backed by ex-military cyber experts, the CyberX platform uniquely combines continuous ICS threat monitoring with proprietary M2M behavioral analytics and ICS-specific threat intelligence to identify advanced cyberattacks in real-time.
By monitoring ICS/SCADA/OT networks for targeted attacks, ransomware and industrial malware, the CyberX platform enables organizations to prevent costly production outages, catastrophic safety failures, and theft of corporate IP.
CyberX has gained considerable industry recognition including being named one of the “10 Coolest IoT Start-Ups” by CRN. The company is also the only industrial cybersecurity vendor selected for the SINET16 Innovator Award sponsored by the US DHS and DoD, and the only ICS security vendor recognized by the International Society of Automation (ISA).
An active member of the Industrial Internet Consortium (IIC) and the ICS-ISAC, CyberX’s groundbreaking ICS threat intelligence research was recently featured in the popular McGraw-Hill book series, “ICS Hacking Exposed.” For more information visit CyberX-Labs.com.